﻿<?php require_once('../Connections/conexao.php');?> 
<?php include ('../class/W3_Image.class.php');?>
<?php
if (!function_exists("GetSQLValueString")) {
/**
 * Escape a request value and format it as a literal for a string-built SQL statement.
 *
 * The value is escaped with mysql_real_escape_string() (falling back to
 * mysql_escape_string()) and then shaped according to $theType:
 *   - "text" / "date": wrapped in single quotes, or the keyword NULL when empty
 *   - "long" / "int":  intval() of the value, or NULL when empty
 *   - "double":        doubleval() of the value, or NULL when empty
 *   - "defined":       $theDefinedValue when non-empty, else $theNotDefinedValue
 *   - anything else:   the escaped value, returned WITHOUT quotes
 *
 * Security notes for maintainers:
 *   - Escaping only protects a value that ends up inside a quoted literal. The
 *     fall-through for an unrecognised $theType returns an unquoted string, so
 *     callers must only pass the type names listed above.
 *   - The "defined" branch returns the caller-supplied strings unescaped; they
 *     must never be built from request data.
 *   - mysql_escape_string() takes no connection and so cannot account for the
 *     connection character set; the whole mysql_* extension was removed in
 *     PHP 7. Prepared statements (mysqli or PDO) are the durable replacement
 *     for this helper.
 *
 * @param mixed  $theValue            Raw value, typically from $_POST/$_GET.
 * @param string $theType             One of text, long, int, double, date, defined.
 * @param string $theDefinedValue     Returned for "defined" when the value is non-empty.
 * @param string $theNotDefinedValue  Returned for "defined" when the value is empty.
 * @return mixed SQL fragment: quoted string, int, float, or the string "NULL".
 */
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  // On old runtimes with magic quotes enabled the input already carries
  // backslashes; strip them so the value is not escaped twice below.
  if (PHP_VERSION < 6 && get_magic_quotes_gpc()) {
    $theValue = stripslashes($theValue);
  }

  // Prefer the connection-aware escaper when the extension provides it.
  if (function_exists("mysql_real_escape_string")) {
    $escaped = mysql_real_escape_string($theValue);
  } else {
    $escaped = mysql_escape_string($theValue);
  }

  // Loose comparison on purpose: matches the original "empty means NULL" rule.
  $isBlank = ($escaped == "");

  switch ($theType) {
    case "text":
    case "date":
      return $isBlank ? "NULL" : "'" . $escaped . "'";
    case "long":
    case "int":
      return $isBlank ? "NULL" : intval($escaped);
    case "double":
      return $isBlank ? "NULL" : doubleval($escaped);
    case "defined":
      return $isBlank ? $theNotDefinedValue : $theDefinedValue;
  }

  // Unrecognised type: escaped but unquoted (see the security notes above).
  return $escaped;
}
}

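// Build the URL the form posts back to.
// PHP_SELF includes any extra path appended after the script name in the
// request, so it is request-controlled. It is echoed into the form's action
// attribute further down, so both it and the query string are HTML-encoded
// here (quotes included) to keep request data from breaking out of the attribute.
$editFormAction = htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING'], ENT_QUOTES, 'UTF-8');
}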
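// Base name for the stored image files: 28 hex characters derived from the
// current time. It only needs to avoid collisions; it is not a secret and
// should not be relied on to keep uploaded files unguessable.
$strkey = substr(md5(uniqid(microtime())), 0, 28);

// Handle the "insert product" form post.
// NOTE(review): no login check and no anti-CSRF token are visible in this file.
// Confirm that ../Connections/conexao.php (or the web server) restricts access
// before this point; otherwise any request carrying MM_insert=form1 is accepted.
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  // Validate the upload BEFORE touching the database: the row always points at
  // "<key>.jpg", so a missing or failed upload would leave a dangling reference.
  // is_uploaded_file() ensures tmp_name really is this request's upload, and
  // getimagesize() rejects content that does not parse as an image.
  $upload = isset($_FILES['pro_foto']) ? $_FILES['pro_foto'] : null;
  if (!is_array($upload)
      || !isset($upload['error'], $upload['tmp_name'])
      || $upload['error'] !== UPLOAD_ERR_OK
      || !is_uploaded_file($upload['tmp_name'])
      || getimagesize($upload['tmp_name']) === false) {
    die('Upload de imagem invalido.');
  }
  $strImageTmp = $upload['tmp_name'];

  // NOTE(review): id_adm is taken from a hidden form field, so the client
  // chooses which administrator the product is attributed to; it should be
  // derived from the logged-in session on the server instead.
  // pro_descricao comes from the page's rich-text editor and is stored as
  // submitted; whatever page renders it must sanitise or encode it.
  $insertSQL = sprintf("INSERT INTO produtos (pro_nome, pro_foto, pro_descricao, id_categoria, id_subcategoria, id_adm, pro_tags, pro_estoque, pro_precp, pro_lançamento, pro_status, Pro_home) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['pro_nome'], "text"),
                       GetSQLValueString($strkey . '.jpg', "text"),
                       GetSQLValueString($_POST['pro_descricao'], "text"),
                       GetSQLValueString($_POST['id_categoria'], "int"),
                       GetSQLValueString($_POST['id_subcategoria'], "int"),
                       GetSQLValueString($_POST['id_adm'], "int"),
                       GetSQLValueString($_POST['pro_tags'], "text"),
                       GetSQLValueString($_POST['pro_estoque'], "int"),
                       GetSQLValueString($_POST['pro_precp'], "double"),
                       GetSQLValueString($_POST['pro_lanamento'], "text"),
                       GetSQLValueString($_POST['pro_status'], "text"),
                       GetSQLValueString($_POST['Pro_home'], "text"));

  mysql_select_db($database_conexao, $conexao);
  $Result1 = mysql_query($insertSQL, $conexao);
  if ($Result1 === false) {
    // Keep driver error text out of the response; it goes to the server log.
    error_log('Product insert failed: ' . mysql_error($conexao));
    die('Erro ao gravar o produto.');
  }

  // Write the thumbnail and the full-size picture under the generated key.
  $objetoImg = new W3_Image;
  $objetoImg->create( $strImageTmp, 75, 75, '../../../img/img-produto/'. $strkey . '.tumb.jpg');
  $objetoImg->create( $strImageTmp, 640, 480, '../../../img/img-produto/'. $strkey . '.jpg');

  // Redirect to the product list, carrying the current query string along.
  $insertGoTo = "../../produtos.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?') !== false) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
  // Stop here: without this the rest of the page is still executed and sent
  // in the body of the redirect response.
  exit;
}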
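// Recordsets used to render the form. All three run on the same database and
// connection, so the database is selected once.
mysql_select_db($database_conexao, $conexao);

// Categories for the first drop-down; the first row is pre-fetched here.
$query_rscat = "SELECT * FROM categorias ORDER BY id_categoria ASC";
$rscat = mysql_query($query_rscat, $conexao);
if ($rscat === false) {
  // Driver error text goes to the server log, not to the browser.
  error_log('categorias query failed: ' . mysql_error($conexao));
  die('Erro ao consultar o banco de dados.');
}
$row_rscat = mysql_fetch_assoc($rscat);
$totalRows_rscat = mysql_num_rows($rscat);

// Sub-categories for the second drop-down; the first row is pre-fetched here.
$query_rssubcat = "SELECT * FROM subcategorias ORDER BY id_subcategoria ASC";
$rssubcat = mysql_query($query_rssubcat, $conexao);
if ($rssubcat === false) {
  error_log('subcategorias query failed: ' . mysql_error($conexao));
  die('Erro ao consultar o banco de dados.');
}
$row_rssubcat = mysql_fetch_assoc($rssubcat);
$totalRows_rssubcat = mysql_num_rows($rssubcat);

// Look up the id of the logged-in administrator by session user name.
// NOTE(review): no session_start() is visible in this file; confirm the
// included connection file starts the session. When MM_Username is absent the
// lookup uses "-1" and the page still renders, so this is not an access check.
$colname_rsadmlogado = "-1";
if (isset($_SESSION['MM_Username'])) {
  $colname_rsadmlogado = $_SESSION['MM_Username'];
}
$query_rsadmlogado = sprintf("SELECT id_adm FROM `admin` WHERE adm_login = %s", GetSQLValueString($colname_rsadmlogado, "text"));
$rsadmlogado = mysql_query($query_rsadmlogado, $conexao);
if ($rsadmlogado === false) {
  error_log('admin lookup failed: ' . mysql_error($conexao));
  die('Erro ao consultar o banco de dados.');
}
$row_rsadmlogado = mysql_fetch_assoc($rsadmlogado);
$totalRows_rsadmlogado = mysql_num_rows($rsadmlogado);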
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<!-- TemplateBeginEditable name="doctitle" -->
<title>inserir Produto</title>
<script type="text/javascript" src="../js/tiny_mce.js"></script>
<script type="text/javascript">
	tinyMCE.init({
		 theme : "advanced",
        mode : "textareas",
        plugins : "fullpage",
        theme_advanced_buttons3_add : "fullpage"
	});
</script>

</head>

<body>
<table width="960" align="center">
  <tr>
    <td colspan="2">
	<?php include ('../temadmin/cabecalho.php'); ?>

</td>
  </tr>
  <tr>
    <td colspan="2">
	<?php include ('../temadmin/menu_vertical.php'); ?>
    </td>
  </tr>
  <tr>
    <td width="250"valign="baseline">
	<?php include ('../temadmin/menu.php'); ?>
    </td>
    <td width="698" >
   		<table width="99%">
  <tr>
    <th width="17%" scope="col">&nbsp;</th>
    <th width="63%" scope="col">Inserir Produtos</th>
    <th width="20%" scope="col">&nbsp;</th>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td>&nbsp;
      <form action="<?php echo $editFormAction; ?>" method="post" enctype="multipart/form-data" name="form1" id="form1">
        <table border="1" align="center">
          <tr valign="baseline">
            <td align="right" nowrap="nowrap" bgcolor="#CCCCCC">Nome:</td>
            <td bgcolor="#CCCCCC"><input type="text" name="pro_nome" value="" size="32" /></td>
          </tr>
          <tr valign="baseline">
            <td align="right" nowrap="nowrap" bgcolor="#CCCCCC">Foto:</td>
            <td bgcolor="#CCCCCC">
              <input name="pro_foto" type="file" size="32" />
            </td>
          </tr>
          <tr valign="baseline">
            <td colspan="2" align="center" nowrap="nowrap" bgcolor="#CCCCCC">Descricao:</td>
            </tr>
            <tr valign="baseline">
            <td colspan="2" align="center" bgcolor="#CCCCCC">
              <textarea name="pro_descricao" cols="50" rows="15"></textarea>
            </td>
              </tr>
          <tr valign="baseline">
            <td align="right" nowrap="nowrap" bgcolor="#CCCCCC">Categoria:</td>
            <td bgcolor="#CCCCCC"><select name="id_categoria">
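              <?php
// $row_rscat already holds the first category row (or false when the table is
// empty), so loop while a row is present instead of emitting a blank option.
// Values come from the database and are HTML-encoded before being written
// into the attribute and the option label.
while ($row_rscat) {
?>
              <option value="<?php echo htmlspecialchars($row_rscat['id_categoria'], ENT_QUOTES, 'UTF-8'); ?>" ><?php echo htmlspecialchars($row_rscat['categoria'], ENT_QUOTES, 'UTF-8'); ?></option>
              <?php
  $row_rscat = mysql_fetch_assoc($rscat);
}
?>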
              </select></td>
          </tr>
          <tr valign="baseline">
            <td align="right" nowrap="nowrap" bgcolor="#CCCCCC">Subcategoria:</td>
            <td bgcolor="#CCCCCC"><select name="id_subcategoria">
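              <?php
// $row_rssubcat already holds the first sub-category row (or false when the
// table is empty), so loop while a row is present instead of emitting a blank
// option. Values come from the database and are HTML-encoded before being
// written into the attribute and the option label.
while ($row_rssubcat) {
?>
              <option value="<?php echo htmlspecialchars($row_rssubcat['id_subcategoria'], ENT_QUOTES, 'UTF-8'); ?>" ><?php echo htmlspecialchars($row_rssubcat['Subcategoria'], ENT_QUOTES, 'UTF-8'); ?></option>
              <?php
  $row_rssubcat = mysql_fetch_assoc($rssubcat);
}
?>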
              </select></td>
          </tr>
          <tr valign="baseline">
            <td align="right" nowrap="nowrap" bgcolor="#CCCCCC">Tags:</td>
            <td bgcolor="#CCCCCC"><input type="text" name="pro_tags" value="" size="32" /></td>
          </tr>
          <tr valign="baseline">
            <td align="right" nowrap="nowrap" bgcolor="#CCCCCC">Estoque:</td>
            <td bgcolor="#CCCCCC"><input type="text" name="pro_estoque" value="" size="6" /></td>
          </tr>
          <tr valign="baseline">
            <td align="right" nowrap="nowrap" bgcolor="#CCCCCC">Preço:</td>
            <td bgcolor="#CCCCCC"><input type="text" name="pro_precp" value="" size="6" /></td>
          </tr>
          <tr valign="baseline">
            <td align="right" nowrap="nowrap" bgcolor="#CCCCCC">Lançamento:</td>
            <td bgcolor="#CCCCCC"><select name="pro_lanamento">
              <option value="sim" <?php if (!(strcmp("sim", ""))) {echo "SELECTED";} ?>>Sim</option>
              <option value="nao" <?php if (!(strcmp("nao", ""))) {echo "SELECTED";} ?>>Não</option>
            </select></td>
          </tr>
          <tr valign="baseline">
            <td align="right" nowrap="nowrap" bgcolor="#CCCCCC">Status:</td>
            <td bgcolor="#CCCCCC"><select name="pro_status">
              <option value="on" <?php if (!(strcmp("on", ""))) {echo "SELECTED";} ?>>Visivel</option>
              <option value="off" <?php if (!(strcmp("off", ""))) {echo "SELECTED";} ?>>Oculto</option>
            </select></td>
          </tr>
          <tr valign="baseline">
            <td align="right" nowrap="nowrap" bgcolor="#CCCCCC">Exibir na home?</td>
            <td bgcolor="#CCCCCC"><select name="Pro_home">
              <option value="sim" <?php if (!(strcmp("sim", ""))) {echo "SELECTED";} ?>>Sim</option>
              <option value="nao" <?php if (!(strcmp("nao", ""))) {echo "SELECTED";} ?>>Não</option>
            </select></td>
          </tr>
          <tr valign="baseline">
            <td colspan="2" align="center" nowrap="nowrap" bgcolor="#CCCCCC"><input type="submit" value="Inserir registro" /></td>
            </tr>
        </table>
        <input type="hidden" name="id_adm" value="<?php echo $row_rsadmlogado['id_adm']; ?>" />
        <input type="hidden" name="MM_insert" value="form1" />
      </form>
      <p>&nbsp;</p></td>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
  </tr>
</table>

    </td>
  </tr>
  <tr>
    <td colspan="2">
	<?php include ('../temadmin/rodape.php'); ?>
    </td>
  </tr>
</table>


</body>
</html>
<?php
// Release the three result sets opened before the markup, in the same order.
foreach (array($rscat, $rssubcat, $rsadmlogado) as $openResult) {
  mysql_free_result($openResult);
}
?>
